Purpose
The Security Architecture & Standards Centre of Expertise is a team within the Enterprise Information Security Office (EISO) at SITA. The mission is to ensure the infrastructure supporting SITA products and solutions is designed to meet corporate, market and regulatory compliance requirements, enabling SITA’s business objectives. The remit covers all shared and dedicated infrastructure supporting SITA as a business, as well as the infrastructure used to deliver our products and customer solutions.
Key Responsibilities
* Provide approvals for enterprise and solution architects at key stage gates that the infrastructure has been designed in accordance with security architecture governance.
* Document governance and approval decisions in wikis, architecture documents, blueprints and other artefacts.
* Provide security architecture guidance & guardrails through the infrastructure lifecycle (technology acquisition, design, development, deployment, operations and disposal).
* Work with DevOps teams and Product Owners in developing policies, configurations, infrastructure as code and other automations of security controls as SITA implements DevSecOps (shift left).
* Provide guidance & governance around the technologies that secure the SITA infrastructure: architecture strategy and security architecture guidance & guardrails.
* Provide security input to Product Managers at the ideation stage when assessing potential new technologies, products and solutions.
* Research emerging infrastructure security technologies and trends.
* Influence SITA security policy & standards and the overall infrastructure security strategy.
Experience
* 8+ years experience in an IT environment.
Required Knowledge & Skills
* Systems and big-picture thinking.
* In-depth knowledge of technical cyber security controls and their applicability to complex infrastructure and application architectures, including Next-Generation Firewalls, Network IDS/IPS platforms, Web Application Firewalls, EDR, encryption technologies, identity & access management, logging & monitoring (SIEM), vulnerability management and more.
* Strong understanding of cloud-based architecture and development (Infrastructure as Cloud, CI/CD pipelines) and cloud-based security controls (SASE, CSPM, CASB).
* Strong understanding of security automation (Ansible, Terraform, Puppet).
* Strong understanding of operating system and IT infrastructure hardening (CIS Benchmarks).
* Knowledge and demonstrated application of key security principles such as defence in depth, zero trust, least privilege and segregation of duties.
* Excellent understanding of software-defined networking (SD-WAN) and key networking technologies (IPv4 & IPv6, OSPF, BGP, IPSEC, MACSEC, DNSSEC).
* Experience with PCI DSS compliant designs and P2PE.
* Strong communication skills, especially in taking complex technical information and presenting it to a non-technical audience.
* Proven ability to work with operations teams to plan projects, deal with technical issues and provide knowledge transfer.
* Excellent interpersonal skills, including the ability to influence and collaborate with teams having different reporting lines.
* Performing data analytics, correlation and root-cause analysis.
Desirable
* Design experience with complex distributed DNS infrastructure, including Anycast and RPZs.
* Sound understanding of PKI including certificate chains, policies and automation through ACME or REST APIs.
* Knowledge of privileged access / identity management.
* Understanding of data privacy / security principles and experience with Data Loss Prevention techniques and technologies.
* Exposure to working with global Internet, IP Transit, Metro-E and MPLS providers.
* Knowledge of the management of Windows, Linux, VMware and KVM environments at scale.
* Previous experience with Agile and / or DevOps methodologies.
Profession Competencies
* Architecture Modeling
* Cloud Computing
* Commercial Acumen
* Configuration Management
* Contingency and Disaster Recovery
* Data Architecture
* Enterprise Architecture & Governance
* IT Industry: Trends & Directions
* Information Security Architecture
* Managing Risk
* Network Architecture
* Requirements Analysis
* Service-Orientated Architecture (SOA)
* Solution Architecture
* Standards Procedures & Policies
* System and Technology Integration
* Technical Writing/Documentation
Additional Qualifications
* Degree in a technical discipline (e.g., Computer Science, Engineering, Mathematics) or sufficient work experience to demonstrate proficiency at this level.
* CISSP, CISM or similar certification in the security field.
* Vendor certifications, particularly in cloud and network security (Azure, AWS, VMware, Palo Alto, Fortinet, Cisco, Juniper, Versa Networks).
* Exposure to or certification in at least one of the following: TOGAF, SABSA, SaFE, ITIL 4 Strategic Leader.
What We Offer
* Flex Week: Work from home up to 2 days per week (depending on your team's needs).
* Flex Day: Make your workday suit your life and plans.
* Flex-Location: Take up to 30 days a year to work from any location in the world.
* Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days per year and Champion Health, a personalized platform for wellbeing needs.
* Professional Development: Access to training platforms, including LinkedIn Learning.
* Competitive Benefits: Benefits that fit local market and employment status.
SITA is an Equal Opportunity Employer. We value a diverse workforce. In support of our Employment Equity Program, we encourage women, aboriginal people, members of visible minorities, and/or persons with disabilities to apply and self-identify in the application process.
#J-18808-Ljbffr